Under the narrower anti-money-laundering regime that has governed UK crypto until now, the FCA has rejected or forced the withdrawal of most firms that applied, with only around one in seven registrations granted since 2020, according to the regulator’s own registration statistics.

 That test only asked whether a firm could control financial crime. The new cryptoasset regime, finalised by the FCA on 30 June 2026, asks far more. If four in five firms could not pass the easier exam, the harder one will not go better for them.

 This is not a criticism of the regime. A framework that most applicants pass is not doing the job regulation exists to do. What should concern firms is not whether the bar is fair, but whether they have understood how much they now have to build to reach it.

The narrower test already fails most applicants

 The AML registration many firms hold is the floor, not the ceiling, and even the floor has proved hard to reach. Thomas Cattee, partner at Gherson Solicitors, put the failure rate at more than 85% of applications rejected or withdrawn, and warned of “a very high risk of failure for crypto firms applying for authorisation” under the new rules. 

The reason is not FCA obstruction. Many crypto firms were built to move fast and add compliance later, and the AML process exposed thin financial-crime controls, weak risk assessments and little transaction monitoring. Those are the basics; the new regime tests them too.

The new bar is higher, not lower 

Full authorisation folds crypto into the Financial Services and Markets Act, so an authorised crypto firm inherits the obligations that govern regulated finance. The AML registration does not convert; the FCA has said so. A firm that holds one is starting the harder exam from the floor, not with credit in the bank.

Cattee named the stumbling blocks: financial-crime and AML controls, the Consumer Duty, prudential and stress-testing standards, operational resilience, and senior-management accountability. Each is a separate rulebook, and each is a place an application can be judged not ready. A firm has to satisfy all of them at once.

Authorisation tests whether a firm is run like a regulated financial institution: whether it holds enough capital to absorb stress, whether its systems keep running when something breaks, whether named individuals answer for failures.

Charleyne Biondi, a vice-president at Moody’s Ratings, drew the same line from the ratings side. The regime gives the UK “a clearer path to bringing the ecosystem within the regulatory perimeter”, she said, but the compliance burden is “likely to favour larger, better-resourced firms with established risk management capabilities”. Read across the market, that is a prediction that the smaller and under-resourced thin out.

One regulator helps the process, not the pass rate

The UK’s design has an advantage. Christopher Collins, a financial markets and regulation partner at Katten Muchin Rosenman, noted that “compared to MiCA in the EU, the UK benefits from just the one regulator looking at authorisations”, supported by a pre-application support service the FCA has built. 

A single regulator means one consistent review standard rather than coordination across national authorities. That smooths the path; it does not soften the test at the end of it. Firms already authorised for other activities will find rules such as the conduct-of-business regime and the accountability regime familiar, Collins said, while those holding only an AML registration have “comparatively more new obligations to contend with”.

The overseas trading platform route is still a blank

The one part of the regime that could genuinely reshape the UK market is also the one the FCA has left unfinished. The rules let an overseas trading platform serve UK customers through an authorised UK branch, giving domestic users access to deep global liquidity rather than a ring-fenced UK pool.

The condition is not yet usable. The FCA will authorise such a branch only where the home regulator provides “comparable levels of regulatory protection”, as the FCA determines, and it has not said which jurisdictions meet that standard. Collins was blunt: that “isn’t enough clarity for firms to build a business model”, and without an upfront indication of acceptable jurisdictions, the offshore branch model “may well be a non-starter”.

That leaves a gap at the centre of a regime marketed as a route to global liquidity. A global platform cannot commit resources to a UK branch without knowing whether its existing licence counts, and law firms advising non-UK firms, including Morgan Lewis, have made the same point since publication.

Authorisation is an operational build, not a filing

Authorisation is treated in a lot of firms as a legal submission, something counsel prepares and files. The evidence points the other way: the hard part is operational, and it takes months of engineering.

David Reilly, who leads payments and retail banking work at the reconciliation firm AutoRek, said firms now know what is expected and “have until October 2027 to prove they can deliver it”, with the operational requirements, “especially around reconciliation and reporting”, being “where most firms’ real work starts now”. A stablecoin moving through its lifecycle is not a transfer but a series of “state changes across ledgers”, he said, so reconciliation has to be automated to hold up under supervision.

For issuers that scale into systemic status, that stack has to satisfy two regulators at once, since the Bank of England and the FCA read the same operational data for different reasons. A firm that starts building the reporting when the application form appears is already behind a firm that started when the rules did.

Who actually clears it

The regime is not unpassable. Passing is now a resourced, months-long programme, and the pool of firms able to run it is smaller than the pool that wants to.

The firms that look well placed share a profile. The ones already authorised for other activities know the conduct and accountability regimes and are adapting them rather than learning them from scratch. Well-capitalised firms can staff financial-crime, prudential and resilience work in parallel instead of one hire at a time. And firms that built compliance in early are, in the words of Matthijs Boon, chief partnership officer at the payments firm Equals, “well placed for authorisation” because they “treat compliance as a strategic capability”.

Everyone else faces a choice they may not have priced. Build the programme now, find a home for the activity inside an already-authorised firm, or leave the UK market. Cattee’s warning from the EU is pointed: firms that delayed under MiCA created “severe regulatory bottlenecks” and missed licensing deadlines, and the FCA’s fixed window, open from 30 September 2026 and closing on 28 February 2027, is an attempt to avoid a repeat that only works if firms move early.

The regime is a filter by design, and it is doing what a filter does. Clearing it will come down to operational readiness rather than legal drafting, and the firms in front are the ones that started building the day the rules landed.